Generating Secure Random Numbers

Java provides java.util.Random class for random number generation. However, this class should not be used to generate random numbers in applications where security is critical. For example, Synchronizer Toker is often used to mitigate CSRF attacks. This token should be generated using a high quality Random Number Generator (RNG) so that the attacker is not able to predict the next token. Even while generating encryption key or SESSIONID for highly secure applications, the next key or session Id of next user should be unpredictable for the attacker.

Topics: MAC Secure random number Random Java ThreadLocalRandom Message Authentication Code UUID SecureRandom MessageDigest Uncommon Maths Technology

e-Zest Solutions is digital experience engineering company with facilities in the United States (Detroit & San Jose), Germany (Hannover), United Kingdom (London UK) and India (Pune) with global clientele. Our services include custom software development, offshore software development, UX consulting, BigData, Managed cloud Services (Azure & AWS), SharePoint consulting/Migration, Enterprise Java application development, Automated software testing services.